A blockchain database or data structure is a sequential transactional database that may be distributed and is communicatively connected to a network. Sequential transactional databases are well known in the field of cryptocurrencies and are documented, for example, in “Mastering Bitcoin: Unlocking Digital Crypto-Currencies,” (Andreas M. Antonopoulos, O'Reilly Media, April 2014). For convenience, such a database is herein referred to as a blockchain though other suitable databases, data structures or mechanisms possessing the characteristics of a sequential transactional database can be treated similarly. A blockchain provides a distributed chain of block data structures accessed by a network of nodes known as a network of miners. Each block in the blockchain includes one or more transaction data structures. In some blockchains, such as the BitCoin blockchain, the blockchain includes a Merkle tree of hash or digest values for transactions included in the block to arrive at a hash value for the block, which is itself combined with a hash value for a preceding block to generate a chain of blocks (blockchain). A new block of transactions is added to the blockchain by miner software, hardware, firmware or combination components in the miner network. Miners are communicatively connected to sources of transactions and access or copy the blockchain. A miner undertakes validation of a substantive content of a transaction (such as criteria and/or executable code included therein) and adds a block of new transactions to the blockchain when a challenge is satisfied, typically such challenge involving a combination hash or digest for a prospective new block and a preceding block in the blockchain and some challenge criterion. Thus miners in the miner network may each generate prospective new blocks for addition to the blockchain. Where a miner satisfies or solves the challenge and validates the transactions in a prospective new block such new block is added to the blockchain. Accordingly the blockchain provides a distributed mechanism for reliably verifying a data entity such as an entity constituting or representing the potential to consume a resource.
While the detailed operation of blockchains and the function of miners in the miner network is beyond the scope of this specification, the manner in which the blockchain and network of miners operate is intended to ensure that only valid transactions are added within blocks to the blockchain in a manner that is persistent within the blockchain. Transactions added erroneously or maliciously should not be verifiable by other miners in the network and should not persist in the blockchain. This attribute of blockchains is exploited by applications of blockchains and miner networks such as cryptocurrency systems in which currency amounts are expendable in a reliable, auditable, verifiable way without repudiation. For example, blockchains are employed to provide certainty that a value of cryptocurrency is spent only once and double spending does not occur (that is spending the same cryptocurrency twice).
Despite the architecture of blockchain systems, malicious attacks present a threat to the security and reliability of blockchains. One such malicious attack involves a single entity (or entities under common control) procuring or appearing to procure sufficient computing resource to constitute more than half of all mining resource working with a blockchain. The mechanism of this attack is documented at en.bitcoin.it/wiki/Majority_attack as follows (creative commons attribution license 3.0):                A majority attack (usually labeled 51% attack or >50% attack) is an attack on the network. This attack has a chance to work even if the merchant waits for some confirmations, but requires extremely high relative hashrate. The attacker submits to the merchant/network a transaction which pays the merchant, while privately mining a blockchain fork in which a double-spending transaction is included instead. After waiting for n confirmations, the merchant sends the product. If the attacker happened to find more than n blocks at this point, he releases his fork and regains his coins; otherwise, he can try to continue extending his fork with the hope of being able to catch up with the network. If he never manages to do this, the attack fails and the payment to the merchant will go through. The work done mining will also go to waste, as any new bitcoins would be overwritten by the longest chain. The probability of success is a function of the attacker's hashrate (as a proportion of the total network hashrate) and the number of confirmations the merchant waits for. For example, if the attacker controls 10% of the network hashrate but the merchant waits for 6 confirmations, the success probability is on the order of 0.1%. If the attacker controls more than half of the network hashrate, this has a probability of 100% to succeed. Since the attacker can generate blocks faster than the rest of the network, he can simply persevere with his private fork until it becomes longer than the branch built by the honest network, from whatever disadvantage. No amount of confirmations can prevent this attack.        
Other attacks also pose a threat to the blockchain and its users, including: the Sybil attack in which an entity attempts to fill a miner network with clients controlled centrally or pseudonymous miners; and various denial of service attacks such as sending excessive data to a miner to overwhelm the miner such that it cannot process normal blockchain transactions.
Accordingly it would be advantageous to provide a mechanism for detecting and mitigating threats to blockchain environments.